Ingredients for Architecting the Security of Things

One of Tripwire’s many strengths is our ability to collect security data and build meaning from it. Meanwhile, the rapidly emerging Internet of Things (IoT) poses some juicy problems to tackle in this regard.

How do we monitor very small devices with limited memory, processing and I/O resources?

Smaller devices (typically) mean cheaper devices, which leads to many, many more devices than you would find on a machine room floor, and therefore larger volumes of security data. How do we store and process all the security data to make it more meaningful for our customers?

How do we measure change for IoT devices? What kinds of information do we monitor? There are many great techniques and technologies to consider for answering these problems.

For example, we could build our own IoT security devices which monitor the other IoT devices using amazing device toolkits, such as Spark. Or, more likely, dig into the trove of excellent products Belden offers. We could even monitor the conversation between “things” on an MQTT bus.

As for data and processing, thankfully there is a plethora of new and upcoming options. I’ve been looking at processing infrastructures, such as Spark (not the same Spark as the device toolkit mentioned above), Storm, as well as new time series databases like InfluxDB.

Of course, there is the usual host of horizontally scalable technologies, including Hadoop, Cassandra, Elasticsearch, MongoDB and my personal favorite – Datomic. Note: to be clear, each of those technologies brings a very different feature set to bear on data.

But the storage of security data at scale isn’t the most interesting aspect of the data problem. We want to consider techniques for organizing the data, so that it’s not just a meaningless morass of bits. One of the more interesting techniques for bringing structure to lots of data without losing detail is James Dixon’s idea of a Data Lake. But we should design in just enough structure and detail to answer the important security questions for which our customers demand answers.

In the end, architecting the security of things is really about the questions our customers need answers to and the data we will collect and evaluate to answer those questions. It’s clear to me the Internet of Things is changing the world, and it certainly poses some fun problems to tackle, yet the fundamental goal of securing our customers’ technical infrastructure remains unchanged.

What are your most urgent security questions related to the Internet of Things? Where are your biggest challenges securing your machine room floor, power generation system, or sensor network?

Resources:

Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerabilities.